User Management

Commands

  • Shows password attributes for the login name: passwd -s <username>
  • Unlocks a locked password: passwd -u <username>
  • Locks account for name: passwd -l <username>
  • Forces the user to change password at the next login: passwd -f <username>
  • Turn off aging while allowing user to retain current password: passwd -x -1 <username>
  • Default values for creating a user account: useradd -D

Files

  • Default settings: /etc/default/passwd
  • Encrypted password: /etc/shadow
  • Groups: /etc/group
  • Associates users and roles with authorizations and profiles: /etc/user_attr
  • Lock the user after repeated failed logins (LOCK_AFTER_RETRIES=YES): /etc/security/policy.conf
  • Configuration file for RETRIES parameter: /etc/default/login

UID

0 to 99 for system accounts
60001 is reserved for the nobody account
60002 is reserved for the noaccess account